Legal claims defining the scope of protection, as filed with the USPTO.
1. A system for managing identities of entities in a computer network, comprising: a plurality of computing devices in the computer network, each computing device being associated with at least one entity; and an electronic append-only public identities ledger maintained simultaneously at more than one of the plurality of computing devices, the electronic append-only public identities ledger comprising a plurality of cryptographically-encapsulated identity objects that each uniquely identify a respective entity within the computer network, wherein each of the plurality of cryptographically-encapsulated identity objects further comprises: one or more identification attributes that uniquely identify a first entity associated with the respective cryptographically-encapsulated identity object, the one or more identification attributes being self-enveloped via a public cryptographic key of the first entity; and one or more validation attributes created by a second entity associated with a separate cryptographically-encapsulated identity object, wherein the one or more validation attributes are used to validate that the one or more identification attributes accurately identify the first entity, wherein, upon respective validation, each of the plurality of cryptographically-encapsulated identity objects are structured in a linked list and maintained simultaneously at at least a first computing device associated with the first entity and a second computing device associated with the second entity.
2. The system of claim 1, wherein the plurality of cryptographically-encapsulated identity objects are cryptographically encapsulated by hashing.
3. The system of claim 1, wherein the plurality of cryptographically-encapsulated identity objects are cryptographically encapsulated by symmetric key encryption.
4. The system of claim 1, wherein the structuring in a linked list occurs after the plurality of cryptographically encapsulated identity objects self-validate the structuring and classify the identification attributes as pre-issuance validators.
5. The system of claim 1, wherein a subset of the plurality of cryptographically encapsulated identity objects perform post-issuance validation of the structuring using a peer-to-peer validation protocol.
6. The system of claim 1, wherein the linked list comprises a block chain.
7. The system of claim 1, wherein the linked list comprises a star-shaped linked list.
8. The system of claim 7, wherein the star-shaped linked list comprises one or more parallel branches.
9. The system of claim 1, wherein the entities in the computer network comprise a human user, an organization, software application and/or a uniquely-identifiable computing device.
10. The system of claim 1, wherein each of the plurality of cryptographically-encapsulated identity objects further comprises a header, search attributes, public attributes, an initial validator, and a validator signature.
11. The system of claim 10, wherein the header comprises an identification number identifying the respective entity, a version number indicating a current version of the respective object, a time stamp indicating a time of creation of the respective object, and an assurance level indicating an appropriate level of validation of the respective entity.
12. The system of claim 10, wherein the search attributes comprise encrypted versions of a name, email address, and mobile phone number associated with the respective entity.
13. The system of claim 10, wherein the public attributes comprise a name, country, state, city, address and date of birth associated with the respective entity.
14. The system of claim 10, wherein the initial validator comprises data associated with identification attributes of the second entity responsible for validation of the first entity.
15. The system of claim 10, wherein each of the search attributes, public attributes, and the initial validator are populated by the respective entity.
16. The system of claim 1, wherein the plurality of cryptographically-encapsulated identity objects are exchangeable between more than one of the plurality of computing devices in the computer network.
17. The system of claim 16, wherein the plurality of cryptographically-encapsulated identity objects are exchangeable by means of a peer-to-peer cryptographic protocol.
18. The system of claim 16, wherein in order to be exchanged, the one or more identification attributes of the plurality of cryptographically-encapsulated objects are transformed from self-enveloped to signed-and-enveloped objects.
19. The system of claim 1, wherein respective validation of the identification attributes occurs according to registrations of service providers, business arrangements, and/or exchange of communications over the computer network.
20. The system of claim 1, wherein respective validation of the identification attributes is assigned an assurance level, wherein the assurance level indicates an appropriate level of validation.
21. The system of claim 1, wherein the electronic append-only public identities ledger comprises an authority entity, wherein the authority entity initiates an instance of the first entity.
22. The system of claim 1, wherein the second entity comprises a policy provider entity, wherein the policy provider entity defines how the plurality of cryptographically-encapsulated identity objects of the electronic append-only public identities ledger are protected, distributed, validated, or managed.
23. A method for managing identities of entities associated with an electronic append-only public identities ledger maintained at a plurality of electronic computing devices in a computer network, comprising: receiving at one or more of the electronic computing devices in the computer network a cryptographically-encapsulated identity object that uniquely identifies a particular entity within the computer network, wherein the cryptographically-encapsulated identity objects further comprises: one or more identification attributes that uniquely identify the respective entity associated with the cryptographically-encapsulated identity object, the one or more identification attributes being self-enveloped via a public cryptographic key of the respective entity; and one or more validation attributes created by a second entity associated with a separate cryptographically-encapsulated identity object; upon receipt of the cryptographically-encapsulated identity object at the one or more electronic computing devices in the computer network, validating the one or more identification attributes associated with the respective entity by means of the one or more validation attributes created by the second entity and associated with a separate cryptographically-encapsulated identity object; and, upon validation of the one or more identification attributes associated with the respective entity, structuring the plurality of cryptographically-encapsulated identity objects in a linked list that is maintained simultaneously at at least a first computing device associated with the respective entity and a second computing device associated with the second entity.
24. A system for managing identities of entities in a computer network, comprising: a plurality of computing devices in the computer network, each computing device being associated with at least one entity; and an electronic append-only public identities ledger maintained simultaneously at more than one of the plurality of computing devices, the electronic append-only public identities ledger comprising a plurality of cryptographically-encapsulated identity objects that each uniquely identify a respective entity within the computer network, wherein each of the plurality of cryptographically-encapsulated identity objects further comprises: one or more identification attributes that uniquely identify a first entity associated with the respective cryptographically-encapsulated identity object, each of the one or more identification attributes being self-enveloped via a public cryptographic key of the first entity, each of the one or more identification attributes further comprising; a header comprising a personal identification number of the first entity, a version number associated with a current version of the first object, a date and time the first object was created, and an assurance level associated with an appropriate level of validation of the first entity; one or more search attributes comprising self-encrypted versions of a name, email address, and mobile phone number associated with the first entity; one or more public attributes comprising the name, country, state, city, address, and date of birth associated with the first entity; an initial validator comprising information associated with one or more identification attributes of a second entity, the second entity being at least partially responsible for validating the first entity; and an initial validator signature comprising an electronic signature of the second entity after respective validation, one or more validation attributes created by the second entity, wherein the one or more validation attributes are used to validate that the one or more identification attributes accurately identify the first entity, each of the one or more validation attributes further comprising: a header, a blockchain validator, and a blockchain validator signature, each comprising information associated with identification attributes of the second entity, wherein, upon respective validation, each of the plurality of cryptographically-encapsulated identity objects are structured in a star-shaped linked list and maintained simultaneously at at least a first computing device associated with the first entity and a second computing device associated with the second entity.
April 25, 2017